What You Know, We Know: How Your PII Isn’t Secure Enough to Be Called Personal Anymore (SecureWorld Seattle 2018 slides)

AbigailMcAlpine, 42 slides, uploaded Jun 27, 2024

About This Presentation

What You Know, We Know: How Your PII Isn’t Secure Enough to Be Called Personal Anymore. Moving away from authentication based on confidential personal information, which is no longer fit for purpose. Presented at SecureWorld Seattle 2018.


Slide Content

Abigail McAlpine
Cyber Security Researcher (PhD) from the Secure
Societies Institute at The University of Huddersfield
What You Know, We Know: How
Your PII Isn’t Secure Enough to
Be Called Personal Anymore

Background
•Cyber Security Researcher (PhD) from the Secure Societies Institute at the University of Huddersfield
•Research on the Personally Identifiable Information (PII) of children aged 11-16 on Social Networking Services (SNS), focusing particularly on the most commonly used platforms according to Ofcom’s “Children and parents: media use and attitudes report 2018”
•Human-based cyber security research, particularly focusing on the “what” and “where” of sharing online when it comes to children’s information
•Data collection is still in progress (public, parents and children)
•My background pre-PhD was in business and marketing, as a marketing manager

What is Personally Identifiable Information (PII)?
•Personal data is information that relates to an identified or
identifiable individual.
•What identifies an individual could be as simple as a name
or a number or could include other identifiers such as an IP
address or a cookie identifier, or other factors.
•If it is possible to identify an individual directly from the
information you are processing, then that information may
be personal data.
•https://ico.org.uk

What is PII?
•Even if an individual is identified or identifiable, directly or
indirectly, from the data you are processing, it is not
personal data unless it ‘relates to’ the individual.
•When considering whether information ‘relates to’ an
individual, you need to take into account a range of factors,
including the content of the information, the purpose or
purposes for which you are processing it and the likely
impact or effect of that processing on the individual.
•It is possible that the same information is personal data for
one controller’s purposes but is not personal data for the
purposes of another controller.

What are SNS?
•SNS – Social Networking Services
•These include Facebook, Twitter, Instagram and more
•Messaging services such as Discord and Slack

Children's fingerprints on
the web - the end of PII
Authentication?
Who is the girl on the left?

Marketing potential
•We can guess her age is probably between 11-14
(Wider guess of 10-16)
•We can reasonably articulate an idea of her assigned
gender
•We can see her uniform – idea of location,
confirmation of age group
•We can see she has her own phone – she seems very
attached

In marketing this would be seen as
rich data – worth investing time and
money into…
•With this information we could curate a customer persona, we could
adjust marketing, we could curate a timeline of potential sales
funnels to pitch.
•This information is still very valuable to us
•We don’t need to know her identity

In security
•There’s potential to use this information in future fact
finding to collate a bigger picture of her identity
•Basic OSINT (Open-source intelligence) tools can track her
and build on the information provided
•It’s the potential of future information that will cause issues
to her identity

•The ability and the tools to collate more information about an individual (regardless of age) exist in both the marketing and the cyber security industries
•The skills to take the information we have and turn it into actionable information are already in the room; many of the tools and methods for doing so are well established, whether technological or simply observing an individual
•These cases will always exist: the collection of data about children online for marketing purposes is treated as justifiable, whether it happens directly through children’s use, through a third party’s or parent’s use, or through purchasing data points

•Some of the largest datasets on children in the world are owned by
Social Networking Services (SNS)
•They have this information, it’s usually attached to an identity.
•Encouragement of PII sharing, location data, connecting with more
users, spending more time on the platforms

Ofcom Report (12-15)
•83% of 12-15 year olds have their own smartphone
•50% of 12-15 year olds have their own tablet
•99% of 12-15 year olds go online, for around 20½ hours per week
•69% have a social media profile
Source: Ofcom, Children and parents: Media use and attitudes report 2018

Ofcom Report (8-11)
•35% of 8-11 year olds have their own smartphone
•50% of 8-11 year olds have their own tablet
•93% of 8-11 year olds go online, for around 13½ hours per week
•18% of 8-11 year olds have a social media profile
Source: Ofcom, Children and parents: Media use and attitudes report 2018

What happens
when children’s
data is breached
online?

Major changes at Facebook
•End-to-end encrypted messages through the Messenger app
•Of 18.4 million reports of child sexual abuse material worldwide in 2018, a staggering 12 million trace back to Facebook Messenger
•Reducing permanence: deleting long-term information as standard (details undefined), announced March 2019
•Right to be forgotten / right to erasure under GDPR (2018). This does not primarily limit the sharing of information
•Suspension of tens of thousands of applications (around 69,000) in September 2019, made by about 400 developers

Parental Awareness of Minimum Age Requirement (13)
•Facebook 32%
•Instagram 28%
•Snapchat 15%
Source: Ofcom, Children and parents: Media use and attitudes report 2018

Children lie about their age
•EU Kids Online conducted studies between
2011 and 2014 in 22 different countries
•1 in 4 of the 9-to-10-year-olds and 1 in 2 of the
11-to-12-year-olds were using Facebook
already
•4 in 10 gave a false age.

How many children are on SNS?
•In 2011 an estimated 20 million minors used Facebook, according to Consumer Reports; 7.5 million of these were under 13
•These estimates are out of date, and the possibility of establishing an accurate number has decreased significantly as more children lie to get past age verification systems

Building a timeline
of SNS
Social Networking Services

Timeline
A timeline of SNS as we know it today:
•1997: First SNS, “Six Degrees”, and AOL Instant Messenger (AIM)
•1999: MSN Messenger and Yahoo Messenger launch
•2001: Six Degrees shuts down
•2002: Friendster launches
•2003: LinkedIn and Myspace launch
•2004: Facebook launches
•2005: Reddit, Bebo and YouTube launch
•2006: Twitter launches; Facebook releases the newsfeed feature

Timeline
A timeline of SNS as we know it today (continued):
•2010: Pinterest and Instagram launch
•2011: Snapchat launches
•2012: Facebook acquires Instagram

Features of SNS
Some examples of features that have rolled out in the last 20 years or so.
Some in real time/ some pre-emptive.
•Location data
•Event tagging
•Friend tagging
•Facial recognition features (photo tagging)
•Messenger
•Announcements
•Life Events

Snapchat Map
•Snap Map was a feature automatically rolled out in a June 2017 Snapchat update that showed users’ locations on a map in real time to their Snapchat “friends” once location sharing was enabled
•Snapchat had already established a young user group, and a reward system was in place for Snapchat streaks, giving points to users: the more “friends” users made, the more streaks could be established and the more points gained
•There were different settings for how users could find each other, some transparent (public/private profiles); others, such as the app’s access to your contacts for finding friends, have become better communicated over time

Snapchat Issues
•SnapLion (iOS and Android): the name is a play on “LEO”, Law Enforcement Officer
•SnapLion’s purpose is to extract data from user accounts in aid of legal processes and investigations
•It is essentially an internal backdoor into the application’s user data
•Vice (May 2019) reported, citing internal emails and former employees, that staff had abused the tool and circulated users’ images and account communications

TikTok
•One of the world’s most downloaded applications, in the top 10 globally
•TikTok stated that users must be over 13 but asked for no proof
•Previously known as Musical.ly, it used Snapchat’s successful model and Vine’s demise to carve out a niche with younger users
•Public profiles by default, public comments by default
•If the profile was public, the application had an open messaging feature, which resulted in children receiving private messages from strangers

SNS are targeting children with marketing
•We know this because of the tailored products and
services they are marketing towards their users based on
data collection and analysis
•They are rolling out features without any care or
consideration for children’s/users safety

Children’s Sharing
•Children are sharing more content about themselves than ever before, to bigger audiences
•They are more vulnerable to peer pressure at various ages
•Some children have more understanding of SNS than their parents or educators

That is just
children’s sharing…

Parents Sharing
•“Sharenting” is the term used for parents who share a lot of information about their children online
•Some parents have been over-sharers from the beginning, with no prompting
•However, the introduction of Facebook and features such as the newsfeed, announcements, timeline and memories have prompted users to share more about their lives and their children
•Much of the PII required can be found about users independently, but what accumulates here is information shared about third parties (the children) who have not necessarily consented to it and have no control over the sharing

Fraud - Trends
•The theft of personal and financial data through social engineering and
data breaches was a major contributor to fraud losses in 2018.
•The stolen data is used to commit fraud both directly and indirectly.
•www.ukfinance.org.uk
•Recession/Economic turmoil

Fraud - Trends
•In 2009 it was announced that fraud had increased threefold in the previous year as a result of the recession
•Cases through the British courts alone accounted for more than £1.1bn worth of fraud
•In April 2018 a US report on child identity fraud (Javelin Strategy & Research) found that more than 1 million children were victims of identity theft or fraud in 2017
•Two-thirds of those victims were aged 7 or younger
•Six in 10 child victims personally knew the perpetrator

Why is PII used?
CIA Triad
•Confidentiality through preventing
access by unauthorized users.
•Integrity from validating that your
data is trustworthy and accurate.
•Availability by ensuring data is
available when needed.
www.ibm.com

Why is this used?
•The 3 A’s of cyber security
•Authentication, Authorization, and Accounting (AAA)
Authentication, authorization, and accounting (AAA) is a
term for a framework for intelligently controlling access to
computer resources, enforcing policies, auditing usage, and
providing the information necessary to bill for services.
These combined processes are considered important for
effective network management and security. -
searchsecurity.techtarget.com

Facebook’s Timeline is 13 years old
•In 3 years’ time, children who have had every significant moment of their life shared online (nearly every potential PII authentication answer) will be 16: old enough for a debit account and card
•In 5 years’ time, those children will be 18: old enough for lines of credit, and many of the products pushed in their direction are likely to be aimed at people with little or no credit history
•Most will be venturing into the professional world, with everything associated with it, including loans, LinkedIn profiles and historic social media profiles

Potential for the perfect
storm

PII used as authentication?
A scoring scheme for the 2FA options a site offers:
•SMS and/or Email Based 2FA: whether the site offered SMS (text message) or email-based 2FA. Sites that offered this method earned 1 point.
•Software Token 2FA: whether the site allowed you to perform 2FA using a software authenticator. Popular software authenticators include Authy, Google Authenticator and Microsoft Authenticator. Sites that offered this method earned 1 point.
•Hardware Token 2FA: whether the site allowed you to use a hardware token to perform 2FA. Popular hardware tokens include YubiKey and Google Titan. Sites that offered this method earned 3 points.

Fingerprints and Biometrics
•Major breach found in a biometrics system used by banks, UK police and defence firms: fingerprints, facial recognition data and other personal information exposed in the Biostar 2 (owned by Suprema) data breach, August 2019
•By contrast, on iOS and most Android devices a fingerprint template (a mathematical representation, not an image) is stored encrypted on the device itself, in the Secure Enclave or a Trusted Execution Environment (TEE), and does not leave that hardware. Unlike a password, a biometric leaked from a central store cannot be changed

Moving forward

Right to be forgotten
•Doesn’t mean that other users will forget
•Doesn’t mean that children are protected online
•Doesn’t mean that children’s information is not being shared
•Doesn’t educate users, parents or children about the dangers of oversharing PII online
•Doesn’t fix the problem

Potential actions for tech
•Move away from the PII authentication model, especially as a bypass or backup for password loss
•Tackle education of users around the availability of this information
•Attempt to limit the scope of the issue through historic deletion on SNS (this probably won’t happen)
•Change the infrastructure of how we secure accounts: if security questions are to remain, there should be additional steps involved (for instance a second factor, or a rate-limited out-of-band confirmation) before a password is reset or access is granted
•Tackle this in a way that doesn’t cause additional issues, e.g. Netflix asking for photos of passports via email to confirm identity

Steps moving forward for users
•Change the answers to PII-based security questions on SNS and treat them like new passwords, e.g. three-word combinations with numbers, symbols and mixed case such as R3dR1dingH00d! Note that predictable substitutions (3 for e, 0 for o) add little against a dictionary attack; a password manager can hold a genuinely random answer instead
•Use passwords specific to the SNS you’re using
•91% of people know reusing passwords is poor practice, yet 59% reuse their passwords everywhere, at home and at work; training is necessary. Change your email password to something unique
•Set up MFA/2FA wherever possible
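The tech-side and user-side recommendations above come down to the same thing: treat a security-question answer as a secret rather than a fact, and never let it reset a password on its own. The following Python sketch is an added example, not code from the presentation or from any SNS vendor; the RecoveryService, its in-memory store, the word list and the user "alice" are constructed for illustration. It normalises answers, stores them as salted scrypt hashes, compares them in constant time, locks the account after five failed attempts, and additionally requires an RFC 6238 TOTP code from an authenticator app before the reset goes through.

```python
import hashlib
import hmac
import os
import secrets
import struct
import time
import unicodedata

# Constructed word list for the example; a real deployment would use a full diceware list.
WORDS = ["ember", "harbour", "quartz", "lantern", "meadow", "cobalt", "thistle", "saffron"]


def normalise(answer: str) -> str:
    """Fold case, accents and whitespace so 'Red  RIDING hood' matches 'red riding hood'."""
    folded = unicodedata.normalize("NFKD", answer).encode("ascii", "ignore").decode()
    return " ".join(folded.lower().split())


def hash_answer(answer: str, salt: bytes) -> bytes:
    """Salted, memory-hard hash: a leaked answer table must not reveal the answers."""
    return hashlib.scrypt(normalise(answer).encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def random_answer(n_words: int = 3) -> str:
    """A security-question 'answer' that is a secret, not a fact about the user."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    return "-".join(words) + str(secrets.randbelow(10)) + "!"


def totp(secret: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the algorithm authenticator apps implement."""
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % 10**digits
    return f"{code:0{digits}d}"


class RecoveryService:
    """Password reset that needs the answer AND a possession factor, with lockout."""

    MAX_ATTEMPTS = 5

    def __init__(self):
        self.users = {}     # username -> record (in-memory stand-in for a database)
        self.failures = {}  # username -> failed attempts since the last successful reset

    def enrol(self, username: str, answer: str, totp_secret: bytes, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = {
            "salt": salt,
            "answer_hash": hash_answer(answer, salt),
            "totp_secret": totp_secret,
            "password": password,
        }
        self.failures[username] = 0

    def reset_password(self, username, answer, code, new_password, at=None):
        """Return (ok, reason). An unknown user and a wrong answer look identical to the caller."""
        user = self.users.get(username)
        if user is None:
            return False, "rejected"
        if self.failures[username] >= self.MAX_ATTEMPTS:
            return False, "locked"
        self.failures[username] += 1
        answer_ok = hmac.compare_digest(hash_answer(answer, user["salt"]), user["answer_hash"])
        expected = totp(user["totp_secret"], at).encode()
        code_ok = hmac.compare_digest(expected, str(code).encode())
        # Both factors are always evaluated, so a correct answer alone is never confirmed.
        if not (answer_ok and code_ok):
            return False, "rejected"
        user["password"] = new_password
        self.failures[username] = 0
        return True, "reset"


if __name__ == "__main__":
    svc = RecoveryService()
    seed = b"12345678901234567890"   # RFC 6238 test secret, used here only for the demo
    answer = random_answer()         # e.g. 'ember-quartz-meadow7!', to be kept in a password manager
    svc.enrol("alice", answer, seed, "old-password")
    print(svc.reset_password("alice", answer, totp(seed), "new-password"))
```

Rejected and unknown-user paths return the same message so the reset endpoint cannot be used to enumerate accounts, and both factors are always checked so a guessed answer on its own leaks nothing. In production the store would be a database, the TOTP check would accept a window of one step either side for clock drift, and the lockout would expire after a fixed time rather than only on success.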

Thank You
Abigail McAlpine
Twitter @abigailmcalpine